Many organizations are confronted with multiple issues flagged by security tools; are you struggling with security remediation? If so, this talk is for you.
We will discuss the OpenSSF Scorecard, a tool that tells us how well a code repository follows essential security best practices related to code vulnerabilities, maintenance, continuous testing, and minimising source and build risk. We will discuss what the tool measures, why it is necessary, and the steps involved in getting a good score.
We will then discuss how automation and tooling can streamline and simplify the process of applying these best practices. We will introduce an open-source project, Secure-Repo, that aims to automate security remediation tasks. This tool can help developers address security issues flagged by OpenSSF Scorecard.
At the end of this talk, you will better understand how to apply best practices to improve the security of your code repository using automation and tooling.
CEO and Co-Founder @Step_Security
Varun Sharma is the CEO and co-founder of StepSecurity, an open-core startup that empowers developers to defend against software supply chain attacks by automating security best practices.
He was formerly a Principal Security Software Engineering Manager at Microsoft, where he led the Green Team with a charter to solve high-risk, systemic security issues for Microsoft Azure.
Varun has over 15 years of security experience and an MSc in Information Security from Royal Holloway, University of London.